Gradient purification federated adaptive learning algorithm for Byzantine attack resistance
Main Authors: | , , , |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2024-10-01 |
Series: | Tongxin xuebao |
Subjects: | |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2024209/ |
Summary: | In the context of industrial big data, data security and privacy are key challenges. Traditional data-sharing and model-training methods struggle against risks like Byzantine and poisoning attacks, as federated learning typically assumes all participants are trustworthy, leading to performance drops under attacks. To address this, a Byzantine-resilient gradient purification federated adaptive learning algorithm was proposed. The malicious gradients were identified through a sliding window gradient filter and a sign-based clustering filter. The sliding window method detected anomalous gradients, while the sign-based clustering filter selected adversarial gradients based on the consistency of gradient directions. After filtering, a weight-based adaptive aggregation rule was applied to perform weighted aggregation on the remaining trustworthy gradients, dynamically adjusting the weights of participant gradients to reduce the impact of malicious gradients, thereby enhancing the model’s robustness. Experimental results show that despite the increased intensity of new poisoning attacks, the proposed algorithm effectively defends against these attacks while minimizing the loss in model performance. Compared to traditional defense algorithms, it not only improves model accuracy but also enhances its security. |
---|---|
ISSN: | 1000-436X |